Method for authorizing operation permissions of form-field values
11507651 · 2022-11-22
CPC classification: G06F21/45; G06F2221/2145; G06F21/6227; G06F2221/2141; G06F21/604 (all in section G, PHYSICS)
Abstract
A method for authorizing operation permissions of form-field values is disclosed in the present invention, including a step of authorizing operation permissions of form-field values and a step of selecting a grantee; the step of authorizing operation permissions of form-field values includes: S1: selecting a form to be authorized, and displaying fields in the form that need operation permission control; and S2: authorizing the operation permissions to each value of the fields respectively, where the grantee is one or more roles, the role is an independent individual rather than a group or class, one role can only be related to a unique user during the same period, and one user is related to one or more roles. The present invention can achieve respective authorization for the operation permissions of form-field values, and improves the fineness of system management. In this method, multiple authorized roles can be selected at the same time for batch authorization, thus improving the authorization efficiency. In addition, this method supports template authorization. The two methods are combined, so that the authorization efficiency of operation permissions of form-field values in a system is greatly improved.
Claims
1. A method for authorizing one or more operation permissions of one or more form-field values in a form, comprising: setting the one or more operation permissions of the one or more form-field values comprising: selecting the form to be authorized, and displaying the one or more form fields in the form that need operation permission control; setting the one or more operation permissions for each form-field value of the one or more form fields respectively; and selecting a grantee for an operation permission for a form-field value, and said grantee comprises one or more roles, wherein one role is independent which is not a group or class, the one role is configured to be related to a user only during a same period, and the user is configured to be related to the one or more roles, and the user is configured to obtain one or more operation permissions of the related one role or more roles; wherein there is no sequence relation between setting the one or more operation permissions of the one or more form-field values and selecting the grantee.
2. The method according to claim 1, wherein said one or more operation permissions comprise one of or both of a viewing permission and a modification permission.
3. The method according to claim 2, wherein for a field value that does not have the viewing permission, the method further comprising: displaying the form field corresponding to the field value that does not have the viewing permission, but hiding the field value that does not have the viewing permission; or displaying neither the field value nor the form field corresponding to the field value that does not have the viewing permission.
4. The method according to claim 1, wherein when only one grantee is selected, and when the form to be authorized is selected, an operator who has last authorized one or more field values of the form to the grantee and an operation time are displayed.
5. The method according to claim 1, wherein the role belongs to a department, the role is unique under the department, the role is authorized according to work content of the role.
6. The method according to claim 5, wherein a name of said role is unique under the department, and a number of the role is unique in a system.
7. The method according to claim 5, wherein when the user is transferred across departments, the user's relation to the role in an original department is canceled, and the user is related to a role in a new department.
8. The method according to claim 1, further comprising creating an authorization template: selecting the grantee and an authorized form, selecting one or more roles as the grantee; authorizing the grantee by selecting an existing role or a preset template, and giving the operation permissions of form-field values of the existing role or the preset template to the grantee; and saving the operation permissions of form-field values of the grantee with or without modification as the authorization template for the grantee.
9. The method according to claim 6, wherein when the user is transferred across departments, the user's relation to the role in an original department is canceled, and the user is related to a role in a new department.
10. A method for authorizing one or more operation permissions of one or more form-field values in a form, comprising: setting the one or more operation permissions of the one or more form-field values comprising: selecting a form to be authorized; selecting an operation permission; and selecting a field in the form and configuring the selected field to have the selected operation permission, so that one or more form-field values of the selected field have the selected operation permission; and selecting a grantee for the operation permission for a form-field value of the selected field, and said grantee comprises one or more roles, wherein one role is independent which is not a group or class, the one role is configured to be related to a user only during a same period, and the user is configured to be related to the one or more roles, and the user is configured to obtain one or more operation permissions of the related one role or more roles; wherein there is no sequence relation between setting the one or more operation permissions of the one or more form-field values and selecting the grantee.
Description
DETAILED DESCRIPTION
Description of Embodiments
(9) The technical solutions of the present invention will be further described in detail below with reference to the figures, but the protection scope of the present invention is not limited to the following descriptions.
Embodiment 1
(10) In this embodiment, the fields that need operation permission control are set first, and then the corresponding operation permissions are set.
(11) A method for authorizing operation permissions of form-field values includes a step of authorizing operation permissions of form-field values and a step of selecting a grantee, wherein there is no sequence relation between the step of authorizing operation permissions of form-field values and the step of selecting a grantee; the step of authorizing operation permissions of form-field values includes the following steps: S1: selecting a form to be authorized, and displaying fields in the form that need operation permission control; and S2: authorizing the operation permissions to each value of the fields respectively (the fields that need operation permission control displayed in S1 are authorized, and it is considered by default that a field value of a field which is not displayed in S1 and does not need permission control has a viewing and/or modification permission), where the operation permission includes one of or both a viewing permission and a modification permission.
(12) After the setting is completed, the grantee's permission to view or modify content (the field value) of each field in the form can be determined.
(13) The present invention can achieve respective authorization for the operation permissions of form-field values, thus improving the fineness of system management. The operation permissions include a viewing permission and a modification permission, which is especially suitable for the case that it needs to authorize the field values of form-fields respectively. For example, in an order form, a system role clerk 1 (Zhang San) is allowed to view “order number”, “customer name”, “customer address”, “industry of the customer”, “product model”, “product quantity”, and “product unit price”, but is not allowed to view the content (that is, field values) of sensitive fields such as “phone number” and “contact”. Through this method, respective authorization can be achieved rapidly. For another example, the clerk 1 (Zhang San) is allowed to view the content of the “product unit price” field but is not allowed to modify the content of the “product unit price” field, and this method can also achieve the permission setting rapidly. A setting effect figure is as shown in
(14) In this embodiment, as shown in
(15) In the following, the advantages of the method for authorizing operation permissions of field values to user through a role having the nature of an independent individual are analyzed: The user determines (obtains) permissions through its relation to the role. If the permissions of the user need to be modified, the permissions owned by the role are adjusted to achieve the object of changing the permissions of the user related to the role. Once the user is related to the role, the user owns all the operation permissions of the role.
(16) A role is in a one-to-one relation to a user (when the role is related to one user, other users can no longer be related to that role; and if the role is not related to the user, the role can be selected to be related to other users; that is, in the same period, one role can only be related to one user). A user is in a one-to-many relation to roles (one user can be related to multiple roles at the same time).
(17) Definition of a role: A role doesn't have the nature of a group/class/category/post/position/a type of work or the like, but is of a non-collective nature. The role is unique and is an independent individual. Applied in an enterprise or an institution, the role is equivalent to a post number (the post number herein is not a post, and one post may have multiple employees at the same time, but one post number can only correspond to one employee during the same period).
(18) For example, in a company system, the following roles may be created: a general manager, a deputy general manager 1, a deputy general manager 2, a manager of Beijing sales department I, a manager of Beijing sales department II, a manager of Beijing sales department III, a Shanghai sales engineer 1, a Shanghai sales engineer 2, a Shanghai sales engineer 3, a Shanghai sales engineer 4, a Shanghai sales engineer 5, and so on. The relation between users and roles is as follows: if Zhang San, the company's employee, serves as a deputy general manager 2 of the company and also serves as a manager of Beijing sales department I, roles to which Zhang San needs to be related are the deputy general manager 2 and the manager of Beijing sales department I, and Zhang San owns the permissions of the two roles.
(19) The concept of conventional roles has the nature of a group/a class/a post/a position/a type of work, and one role can correspond to multiple users. However, in the present application, the concept of “role” is equivalent to a post number/work station number, and is also similar to the role in a film and a television drama: one role in the same period (in childhood, juvenile, middle-age . . . ) can be played by only one actor or actress at the same time, but one actor or actress may play multiple roles.
(20) After the role is created, a user may be related to the role in the process of creating the user, or may be related to the role at any time after the user is created. After the user is related to the role, the user can be released from the relation to the role at any time, and the relation between the user and another role may be created at any time.
(21) The role is composed of: a post name+a post number, for example, a workshop worker 1, a workshop worker 2, a workshop worker 3, and so on. The role is an independent individual, and is equivalent to a concept of a post number or a work station number, but different from the role in a conventional permission management system. The concept of the role in the conventional permission management system has the nature of a group or class such as a post, a position, a type of work or the like.
(22) The following example shows the relationship among an employee, a user, and a role after Zhang San, an employee, enters a company as follows: 1. Recruiting: after the employee is recruited, the role of the corresponding post number or work station number is directly selected for the user (employee) to be related. For example, when Zhang San has joined the company (the company has assigned a user for Zhang San) and works at the sales department I to be responsible for sales of refrigerator products in Beijing area (the corresponding role is “sales engineer 5” under the sales department I), then the user Zhang San directly selects and is related to the role “sales engineer 5”.
(23) 2. Adding position: After Zhang San has worked for a period of time, the company further arranges Zhang San to be responsible for sales of TV products in Beijing area (the corresponding role is “sales engineer 8” under the sales department I) and to serve as a supervisor of an after-sales department (the corresponding role is “after-sales department supervisor 1”). Therefore, two roles, that is, “sales engineer 8” under the sales department I and “after-sales department supervisor 1” under the after-sales department, are additionally related to the user Zhang San. In this case, the employee Zhang San is related to three roles: “sales engineer 5” and “sales engineer 8” under the sales department I, and “after-sales department supervisor 1” under the after-sales department. Therefore, the user Zhang San owns the permissions of the three roles.
(24) 3. Reducing position: After a while, the company has decided to let Zhang San serve as an after-sales department manager (corresponding to a role “after-sales manager” under the after-sales department) without taking up other positions any more. Therefore, the user Zhang San is related to the role “after-sales department manager” under the after-sales department, and is released from the relation to the previous three roles (“sales engineer 5” and “sales engineer 8” under the sales department I, and “after-sales department supervisor 1” under the sales department). In this case, the user Zhang San owns only the permissions of the role “after-sales department manager” under the after-sales department.
(25) 4. Adjusting permissions of a role (adjusting the permissions of the role itself): if the company has decided to add permissions to the after-sales department manager, the permissions only need to be added to the role of the after-sales department manager. With the increase in the permissions of the role of the after-sales department manager, the permissions of the user Zhang San are also increased.
(26) 5. Resignation: After one year, Zhang San resigns. It is only necessary to cancel the relation between the user Zhang San and the role “after-sales department manager” under the after-sales department.
(27) For example, during the dynamic operation of the company, recruiting and resigning of staff often occur continuously, but post numbers or work station numbers seldom change (or even remain unchanged within a period of time).
(28) Conventional authorization method: In the case of a large quantity of system function points, authorizing the conventional roles that have the nature of a group or class involves a large and cumbersome workload and is very error-prone, and errors are not easily detectable in a short time and tend to cause loss to a system user.
(29) Authorization method of the present application: in the present application, the role having the nature of a post number or work station number is authorized, and the user is related to the role to determine (obtain) permissions. Therefore, the permissions of the user are controlled by only a simple user-role relation. Controlling the permissions is simple, easily operable, clear, and explicit, thereby significantly improving the efficiency and reliability of authorization.
Embodiment 2
(30) In this embodiment, one or more grantees may be selected, and only one form to be authorized can be selected. When one and only one grantee is selected and a form to be authorized is selected, the operator who most recently authorized field values of the form to the grantee, and the time of that operation, are displayed.
(31) As shown in
(32) As shown in
(33) Displaying the recent operator helps track the accountability when an error occurs in authorizing permissions of form-field values, and displaying the recent operation time helps to determine intuitively whether the re-authorization of form-field value needs to be performed.
(34) For example, Li Si completed the last operation of authorizing operation permissions of field values of a contract form to a grantee Zhang San at 11:00 on May 21, 2015. When Zhang San is selected as the grantee and a contract is selected as a form to be authorized, it is displayed for the current authorization operator that the last contract form authorization is performed by Li Si at 11:00 on May 21, 2015 for Zhang San.
(35) If Zhang San should not have the permission to view the content of a confidential field, but the last authorization to Zhang San makes him own the permission to view the content of the confidential field, those responsible can be found by searching for the last authorization operator in a subsequent accountability tracking process.
(36) For another example, an operator needs to perform authorization of field values of a contract form to 100 grantees; however, the operator only finished authorizing to 70 grantees on that day. When the operator continues to authorize on the next day, the operator may view the last authorization time of each grantee to determine whether the grantee needs to be authorized. Alternatively, according to a time interval of authorization, all grantees that are authorized in a specified time interval can be found. By viewing the last time that a grantee was authorized, it can be known how long the grantee's permissions have remained unchanged, which helps determine intuitively whether to re-authorize the grantee.
Embodiment 3
(37) In this embodiment, display modes of a field value that does not have the viewing permission include: (1) displaying a field corresponding to the field value, but hiding the field value by using a hiding symbol, where as shown in
(38) Field values with and without the modification permission also need to be differentiated during display. For example, a field value without the modification permission is displayed as gray shading, as shown in
(39) Specifically, one form includes basic fields and detail fields. The detail fields are column names on a detail list in the form. For example, in an order form, basic fields include order number, customer name, customer address, phone number, contact, industry of the client, and so on; detail fields include product model, product quantity, product unit price, and so on.
(40) Preferably, when an operator authorizes operation permissions of form-field values, the basic fields and detail fields can be differentiated during display, so as to be distinguished by the operator during authorization. As shown in
Embodiment 4
(41) In this embodiment, the method for authorizing operation permissions of form-field values further includes a template authorization step that specifically includes: (1) selecting a grantee and a form to be authorized, where one or more roles are selected as the grantee; (2) authorizing the grantee: selecting an existing role or a created template as an authorization template, and giving the operation permissions of form-field values in the authorization template to the grantee; and (3) obtaining the operation permissions of form-field values of the grantee after the operation permissions are saved with or without modification.
(42) As shown in
(43) In this method, multiple authorized roles can be selected at the same time for batch authorization, thus improving the authorization efficiency. In addition, this method supports template authorization, that is, selecting an existing role or a created template as an authorization template, and directly assigning (updating) the operation permissions of form-field values in the authorization template to the grantee (saved after simple modification). The authorization operation is simple and efficient. The two methods are combined, so that the authorization efficiency of operation permissions of form-field values in a system is greatly improved.
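The model of Embodiments 1 to 4 can be sketched in code as follows; this is an added example, not code from the patent. It covers post-number roles related to one user at a time, per-field viewing and modification permissions, the last-operator record, masking of hidden values, and template authorization. The class and method names, the `******` hiding symbol and the sample values are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

VIEW, MODIFY, MASK = "view", "modify", "******"  # MASK: assumed hiding symbol

@dataclass
class Role:
    """Post-number style role: related to at most one user at a time."""
    name: str
    user: "str | None" = None
    grants: dict = field(default_factory=dict)     # form -> field -> {ops}
    last_auth: dict = field(default_factory=dict)  # form -> (operator, time)

class Authorizer:
    def __init__(self, controlled, role_names):
        self.controlled = controlled  # form -> fields under permission control
        self.roles = {n: Role(n) for n in role_names}

    def relate(self, user, role_name):
        role = self.roles[role_name]
        if role.user not in (None, user):
            raise ValueError(f"{role_name} is already related to {role.user}")
        role.user = user

    def release(self, role_name):
        self.roles[role_name].user = None  # resignation or transfer

    def authorize(self, operator, role_names, form, perms):
        """Grant perms (field -> ops) to one or more roles in one batch."""
        if set(perms) - set(self.controlled[form]):
            raise KeyError("perms names a field that is not under control")
        for name in role_names:
            role = self.roles[name]
            role.grants[form] = {f: set(ops) for f, ops in perms.items()}
            # Record who authorized last and when, for accountability.
            role.last_auth[form] = (operator, datetime.now(timezone.utc))

    def authorize_from(self, operator, template_role, role_names, form):
        """Template authorization: copy an existing role's grants."""
        template = self.roles[template_role].grants.get(form, {})
        self.authorize(operator, role_names, form, template)

    def allowed(self, user, form, fld, op):
        if fld not in self.controlled[form]:
            return True  # uncontrolled fields are permitted by default
        return any(op in r.grants.get(form, {}).get(fld, ())
                   for r in self.roles.values() if r.user == user)

    def render(self, user, form, record, drop_hidden=False):
        """Mask (or drop) every value the user has no viewing permission for."""
        out = {}
        for fld, value in record.items():
            if self.allowed(user, form, fld, VIEW):
                out[fld] = value
            elif not drop_hidden:
                out[fld] = MASK
        return out

    def update(self, user, form, record, fld, value):
        # Enforce on write as well; grey shading in the UI is only a display aid.
        if not self.allowed(user, form, fld, MODIFY):
            raise PermissionError(f"{user} may not modify {fld}")
        record[fld] = value

if __name__ == "__main__":  # constructed sample data
    az = Authorizer({"order": ["phone number", "product unit price"]}, ["clerk 1"])
    az.relate("Zhang San", "clerk 1")
    az.authorize("Li Si", ["clerk 1"], "order", {"product unit price": {VIEW}})
    print(az.render("Zhang San", "order", {"order number": "A-1", "phone number": "555-0100"}))
```

Filtering in `render` and checking in `update` happen where the record is served and written, so a hidden value never reaches the client and a greyed-out field cannot be changed by a crafted request.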
Embodiment 5
(44) In this embodiment, an operation permission is selected first, and then a field having the operation permission is set.
(45) A method for authorizing operation permissions of form-field values includes a step of authorizing operation permissions of form-field values and a step of selecting a grantee, wherein there is no sequence relation between the step of authorizing operation permissions of form-field values and the step of selecting a grantee. The step of authorizing operation permissions of form-field values includes the following steps: S1: selecting a form to be authorized; S2: selecting an operation permission to be authorized; and S3: setting a field in a form that has the selected operation permission, so that the set field has the selected operation permission (that is, having the corresponding operation permission for a field value of the field); the grantee is one or more roles, the role is an independent individual rather than a group or class, one role can only be related to a unique user during the same period, and one user is related to one or more roles.
(46) The above is only a preferred embodiment of the present invention, and it should be understood that the present invention is not limited to the forms disclosed herein, and is not to be construed as being limited to the other embodiments, but may be used in various other combinations, modifications and environments. Modification can be made by the techniques or knowledge of the above teachings or related art within the scope of the teachings herein. All changes and modifications made by those skilled in the art without departing from the spirit and scope of the present invention are intended to be within the protection scope of the appended claims.